Group Policy 2008 Features windowstricks.

in

Page 1 of 4

Group Policy 2008 Features

By mail2spi2014 | March 21, 2011

0 Comment
Group Policy 2008
Features: I will
discusses about the
Group policy changes in
windows 2008 server,
Microsoft have made

some of interesting changes and added new features in

Group Policy 2008, first I will list the features and explain
one by one
New Administrative template files (ADMX)
New Policy settings
o Power options
o Block device installation
o Improved security settings
o Internet Explorer settings management
o Assign printers based on location
o Delegate printer driver installation to users
Group Policy slow link detection
SYSVOL replication change
SYSVOL uses DFS Replication service to replicate Group Policy object files to other domain controllers (In windows
server 2003 uses FRS to replicate this)
Am very interested about the below changes because I have faced several issues related to this in windows 2003 group
policy
Group Policy slow link detection
Internet Explorer settings management
Blocking device installation
SYSVOL replication change
New Administrative template files (ADMX)
In windows server 2003 and earlier versions, ADM file used to store registry based GPO settings, In Windows server
2008 ADMX file used to store registry based GPO settings, its a XML based and easy to manage registry based policy
settings

http://www.windowstricks.in/2011/03/group-policy-2008-features.html

10/17/2016

Group Policy 2008 Features windowstricks.in

Page 2 of 4

ADMX format support Multilanguage, centralized datastore, and version control capabilities, policy can be edited in
other language that was created in English language because Group Policy tools will adjust the user interface according
to the administrators configured language, you can also create a Central Store for Group Policy Administrative
Templates to reduce the disk space, see article in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?
LinkId=122539)
New Policy settings
Power options: Now you can configure the power option through group policy
Configure power option through GPO:
Computer Configuration ->Administrative Templates -> System -> Power Management
Block device installation: In windows 2003 to block the device assess like USB and CD drive we have to import the
customized ADM file, in windows 2008 its inbuilt yes now you can configure he device access through group policy
Configure Block device installation through GPO:
Computer Configuration ->Administrative Templates -> System -> Device Installation
Improved security settings: IPsec & firewall setting are combined to provide the enhanced security and avoid policy
duplication
Configure security settings through GPO:
Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advance Security

Internet Explorer settings management: We had an issue like some one edited the GPO to update the trusted sites
and we have lost entire IE configuration because he used a different account to change the group policy, its a known
concern in Windows server 2003 because Internet Explorer policy settings would change based on the policy settings
enabled on the administrative workstation used to view the settings.
In windows 2008 this behavior has been changed, you can change the Internet Explorer policy settings without
affecting the policy configuration
Configure Internet Explorer settings through GPO:
Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer
User Configuration -> Administrative Templates -> Windows Components -> Internet Explorer
Click here to Configuring trusted website and activex settings for IE7 or Vista and later versions using group policy
Assign printers based on location: Install the network printer based on the user location, its very useful for the
roaming user because if the user login to the network other then the base location GPO will install the printer for the
new location.
Assign printers based on location through GPO:
Computer Configuration -> Windows Settings -> Deployed Printers
User Configuration -> Windows Settings ->Deployed Printers

http://www.windowstricks.in/2011/03/group-policy-2008-features.html

10/17/2016

Group Policy 2008 Features windowstricks.in

Page 3 of 4

Delegate printer driver installation to users: Now user can install the printer on there system without admin access,
it helps to reduce the security risk and admin effort.
Delegate printer driver installation through GPO:
Computer Configuration -> Administrative Templates -> System -> Driver Installation
Group Policy slow link detection
This was a big problem in windows server 2003 because it uses the ICMP ping to detect the network bandwidth, some
of the VPN sites ICMP ping might be disabled in firewall or the MTU size would be less then the required limit and also
ping will increase the network traffic to overcome this problems Microsoft come up with solution called NLA (Network
Location Awareness)
Network Location Awareness is a service on client computer, it provide necessary information about the network and
GPO uses this to apply the policy settings, most important its not using ICMP ping and very efficient compare to earlier
process in Windows 2003, Check Group Policy Processing over Slow Linksfor Windows server 2003
SYSVOL Replication
In windows server 2003 FRS (File replication service) has been used to replicate SYSVOL folder changes, in windows
server 2008 you can use the DFS (Distributed File System) to replicate changes on the SYSVOL folder, to use this
feature you should have Windows Server 2008 domain functional level that means all the domain controller has to be
Windows Server 2008
If any changes in SYSVOL share, FRS replicate the entire file unlike the DFS, DFS only replicate the change in the file,
sounds like a attribute level Active Directory replication, it compare the source and destination file using remote
differential compression (RDC)
If you are migrated from windows 2003 to windows server 2008, FRS is the default replication service for SYSVOL
replication, you have to migrate the SYSVOL share to use the DFS
Compare to earlier version Group Policy settings has
increased from approximately 2,400 in Windows Server
2008 to optimize the environment and support new
features, more infofrom technet

Related Posts:
1. Issue managing IE configuration through GPO
2. Group Policy slow link detection on windows server 2008
3. Why we cant edit/view windows 2008, Vista and windows 7 GPO settings from windows 2003

http://www.windowstricks.in/2011/03/group-policy-2008-features.html

10/17/2016

Group Policy 2008 Features windowstricks.in

Page 4 of 4

4. Difference between windows server 2003 and windows 2008

Category: GPO Windows Server 2008

Copyright 2016 www.windowstricks.in.All Rights Reserved

http://www.windowstricks.in/2011/03/group-policy-2008-features.html

10/17/2016